feed/packages.git
3 years agoMerge pull request #16455 from rs/nextdns-1.36.0-openwrt-19.07
Stan Grishin [Wed, 25 Aug 2021 00:07:57 +0000 (17:07 -0700)]
Merge pull request #16455 from rs/nextdns-1.36.0-openwrt-19.07

[19.07] nextdns: Update to version 1.36.0

3 years agonextdns: Update to version 1.36.0 16455/head
Olivier Poitrey [Tue, 24 Aug 2021 23:40:31 +0000 (23:40 +0000)]
nextdns: Update to version 1.36.0

Signed-off-by: Olivier Poitrey <rs@nextdns.io>
3 years agoMerge pull request #16411 from paper42/file-5.38-19
Rosen Penev [Mon, 23 Aug 2021 12:58:04 +0000 (05:58 -0700)]
Merge pull request #16411 from paper42/file-5.38-19

[19.07] file: update to 5.38

3 years agofile: update to 5.38 16411/head
Michal Vasilek [Fri, 20 Aug 2021 10:23:32 +0000 (12:23 +0200)]
file: update to 5.38

* fixes CVE-2019-18218

Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
3 years agoMerge pull request #16412 from paper42/tar-cve-19
Josef Schlehofer [Sun, 22 Aug 2021 07:34:58 +0000 (09:34 +0200)]
Merge pull request #16412 from paper42/tar-cve-19

[19.07] tar: fix CVE-2021-20193

3 years agohttps-dns-proxy: patch CMakeList.txt to use OpenWrt CFLAGS
Etienne Champetier [Fri, 20 Aug 2021 19:33:27 +0000 (15:33 -0400)]
https-dns-proxy: patch CMakeList.txt to use OpenWrt CFLAGS

This fixes compilation issues with ASLR PIE enabled

We were compiling with '-g -DDEBUG'

https-dns-proxy_2021-07-29-*_arm_cortex-a9_vfpv3-d16.ipk
shrink from 19514 to 19095

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
(cherry picked from commit 374e1dd56e1742273b261f25a69fd3d46741e357)

3 years agotar: fix CVE-2021-20193 16412/head
Michal Vasilek [Fri, 20 Aug 2021 14:12:09 +0000 (16:12 +0200)]
tar: fix CVE-2021-20193

Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
3 years agomc: add a missing Syntax file
Michal Vasilek [Fri, 20 Aug 2021 08:06:42 +0000 (10:06 +0200)]
mc: add a missing Syntax file

Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
(cherry picked from commit 312caff03b17241d2e383eb254b41d35e9225294)
Signed-off-by: Dirk Brenken <dev@brenken.org>
3 years agoMerge pull request #16398 from paper42/mc-1907
Josef Schlehofer [Thu, 19 Aug 2021 15:33:36 +0000 (17:33 +0200)]
Merge pull request #16398 from paper42/mc-1907

[19.07] mc: update to 2.8.27

3 years agomc: update to 2.8.27 16398/head
Michal Vasilek [Tue, 17 Aug 2021 14:40:37 +0000 (16:40 +0200)]
mc: update to 2.8.27

* fixes CVE-2021-36370
* refresh patches

Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
3 years agounixodbc: use 'install' when copying host binaries
Eneas U de Queiroz [Wed, 11 Aug 2021 14:04:50 +0000 (11:04 -0300)]
unixodbc: use 'install' when copying host binaries

'cp' fails with a text file busy error if it tries to overwrite an
executable file that is running.  'install' unlinks the file first, so
it will not cause the problem.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 47f98d7030f1023e7b2ed118c7774c6100fc979b)

3 years agoperl: perlmod.mk: use 'install' for host binaries
Eneas U de Queiroz [Wed, 11 Aug 2021 13:57:23 +0000 (10:57 -0300)]
perl: perlmod.mk: use 'install' for host binaries

When installing a host perl module, the host perl binary in the staging
dir is replaced by using 'cp'.  However, if the binary is running in a
parallel job, cp will fail with a text file busy error.  Use
$(INSTALL_BIN), which unliks the file first to avoid the error.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 19c7496648cb25500ca7007a7c1578a426c23a09)

3 years agoMerge pull request #16254 from stangri/19.07-https-dns-proxy
Stan Grishin [Wed, 4 Aug 2021 05:14:19 +0000 (22:14 -0700)]
Merge pull request #16254 from stangri/19.07-https-dns-proxy

[19.07] https-dns-proxy: update to 2021-07-29-1

3 years agoknot: update to version 3.0.8
Jan Hak [Mon, 19 Jul 2021 14:50:43 +0000 (16:50 +0200)]
knot: update to version 3.0.8

Signed-off-by: Jan Hak <jan.hak@nic.cz>
(cherry picked from commit 5f374929cfdf59fd1b2ec558cd024f5b301d3169)

3 years agoknot: update to version 3.0.7
Jan Hak [Mon, 21 Jun 2021 08:52:32 +0000 (10:52 +0200)]
knot: update to version 3.0.7

Signed-off-by: Jan Hak <jan.hak@nic.cz>
(cherry picked from commit 8d66f49baef164e6c7a621dd7e72328f62f242f4)

3 years agoknot: update to version 3.0.6
Jan Hak [Thu, 13 May 2021 07:32:01 +0000 (09:32 +0200)]
knot: update to version 3.0.6

Signed-off-by: Jan Hak <jan.hak@nic.cz>
(cherry picked from commit d578f60818b9dd53cc3285cc4deff32fb09f7a89)

3 years agoknot: update to version 3.0.5
Jan Hak [Mon, 29 Mar 2021 09:48:21 +0000 (11:48 +0200)]
knot: update to version 3.0.5

Signed-off-by: Jan Hak <jan.hak@nic.cz>
(cherry picked from commit d92a2cd21bbc41ceba9ac2b7a8ccc96a0bd2a249)

3 years agoMerge pull request #15108 from neheb/ksmbd
Hauke Mehrtens [Sun, 1 Aug 2021 16:09:24 +0000 (16:09 +0000)]
Merge pull request #15108 from neheb/ksmbd

ksmbd updates for 19.07

3 years agohttps-dns-proxy: update to 2021-07-29-01 16254/head
Stan Grishin [Fri, 30 Jul 2021 00:02:52 +0000 (00:02 +0000)]
https-dns-proxy: update to 2021-07-29-01

* update binary to the latest commit (2021-07-29) to fix #16222 and #16239
* add hotplug.d/iface file and update Makefile to install it
* use Cloudflare's and Google's bootstrap DNS if bootstrap DNS is missing
* minor improvements in append_bool function
* add append_counter function for verbosity setting
* add append_bootstrap function (and supporting functions) to parse/sanitize bootstrap setting
* move firewall array from 'main' instance to the first proxy instance
* delete useless 'main' instace

Signed-off-by: Stan Grishin <stangri@melmac.net>
3 years agonextdns: Update to version 1.35.0
Olivier Poitrey [Thu, 29 Jul 2021 23:34:22 +0000 (23:34 +0000)]
nextdns: Update to version 1.35.0

Signed-off-by: Olivier Poitrey <rs@nextdns.io>
3 years agoadblock: bugfix 4.0.7-9
Dirk Brenken [Wed, 28 Jul 2021 06:01:44 +0000 (08:01 +0200)]
adblock: bugfix 4.0.7-9

* fix regex to prepare google safesearch domains

Signed-off-by: Dirk Brenken <dev@brenken.org>
3 years agolibrouteros: don't build docs
Rosen Penev [Thu, 22 Jul 2021 22:25:50 +0000 (15:25 -0700)]
librouteros: don't build docs

Fixes compilation without host pod2man.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit e41fd1794be2e8cc78c3df4bc4f4e05100eda959)

3 years agosyslog-ng: update to version 3.33.2
Josef Schlehofer [Wed, 21 Jul 2021 21:28:05 +0000 (23:28 +0200)]
syslog-ng: update to version 3.33.2

Changelog:
https://github.com/syslog-ng/syslog-ng/releases/tag/syslog-ng-3.33.2

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 4b06f9ff4c3c5abe54ccd9248de9cf52f198d63d)

3 years agoyggdrasil: bump to 0.4.0
George Iv [Mon, 19 Jul 2021 12:46:16 +0000 (15:46 +0300)]
yggdrasil: bump to 0.4.0

- Bump yggdrasil-go version to v0.4.0
- Update ygguci tool for compatibility with the new yggdrasil-go version
- Yggdrasil's config file is now generated in a separate command before running the daemon

Signed-off-by: George Iv <zhoreeq@users.noreply.github.com>
(cherry picked from commit e135c4c86764f84339bba44d87153ed7db14d396)

3 years agoMerge pull request #16166 from stangri/19.07-vpnbypass
Rosen Penev [Wed, 21 Jul 2021 03:56:00 +0000 (20:56 -0700)]
Merge pull request #16166 from stangri/19.07-vpnbypass

[19.07] vpnbypass: update to 1.3.2-1

3 years agovpnbypass: updates to 1.3.2-1 16166/head
Stan Grishin [Sun, 18 Jul 2021 19:45:46 +0000 (19:45 +0000)]
vpnbypass: updates to 1.3.2-1

bugfix: domain names bypass
rename config file
update Makefile
updated README link
updated shellcheck compatibility
support for 21.02.0-rc2 and later
updated code for interface triggers
add newline to test.sh

Signed-off-by: Stan Grishin <stangri@melmac.net>
3 years agoMerge pull request #16095 from turris-cz/bind-update
Josef Schlehofer [Fri, 16 Jul 2021 14:59:08 +0000 (16:59 +0200)]
Merge pull request #16095 from turris-cz/bind-update

bind: update to version 9.16.18

3 years agoruby: update to 2.6.8
Luiz Angelo Daros de Luca [Thu, 15 Jul 2021 17:49:50 +0000 (14:49 -0300)]
ruby: update to 2.6.8

This release includes security fixes like:

CVE-2021-31810: Trusting FTP PASV responses vulnerability in Net::FTP
CVE-2021-32066: A StartTLS stripping vulnerability in Net::IMAP
CVE-2021-31799: A command injection vulnerability in RDoc

We ordinally do not fix Ruby 2.6 except security fixes, but this release
also includes some regressed bugs and build problem fixes.

Ruby 2.6 is now under the state of the security maintenance phase, until
the end of March of 2022. After that date, maintenance of Ruby 2.6 will
be ended.

Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
3 years agoMerge pull request #16133 from jefferyto/addrwatch-fixes-openwrt-19.07
Rosen Penev [Thu, 15 Jul 2021 18:42:18 +0000 (11:42 -0700)]
Merge pull request #16133 from jefferyto/addrwatch-fixes-openwrt-19.07

[openwrt-19.07] addrwatch: Update to 1.0.2 and various fixes

3 years agoaddrwatch: Various fixes 16133/head
Jeffery To [Fri, 18 Jun 2021 08:33:55 +0000 (16:33 +0800)]
addrwatch: Various fixes

Makefile changes include:

* Include syslog output module

* Move main binary (back) to /usr/sbin, as it is system administration
  related and requires superuser privileges

New patches:

* 003-add-space-for-null-byte.patch - from
  https://github.com/fln/addrwatch/commit/374cfd2cabe4db9882d8a210adff430cc579f859

* 004-more-specific-library-linking.patch - from
  https://github.com/fln/addrwatch/commit/27b57d9da322fc16c6904d8e35aae4557a3e517b

* 005-use-c99-format-macro-constants.patch - from
  https://github.com/fln/addrwatch/pull/28

Init script changes include:

* Fix command-line option names and format (from
  https://forum.openwrt.org/t/cant-start-addrwatch-service/60499/3)

* Always use the --quiet command-line option, as the procd instance is
  not configured to capture stdout/stderr

* Change the syslog config option to start the syslog output module

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
3 years agoaddrwatch: fix broken conffiles
Jeffery To [Thu, 15 Jul 2021 08:05:33 +0000 (16:05 +0800)]
addrwatch: fix broken conffiles

This is 704e733e51071c864265ff55a8568be3edb82c1f but applied for
addrwatch only.

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
3 years agoaddrwatch: update to 1.0.2
Rosen Penev [Thu, 27 Feb 2020 04:54:28 +0000 (20:54 -0800)]
addrwatch: update to 1.0.2

Switch to standard tarball to avoid autoreconfig.

Fix license information.

Add PKG_BUILD_PARALLEL for faster compilation.

Add PKG_INSTALL for consistency with other packages.

Removed upstreamed patches. Refresh remaining one.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit f1a7d509b5ba1b784c96b24f47c9e0b40da57a3f)
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
3 years agoaddrwatch: Add missing limits header for PATH_MAX
Rosen Penev [Thu, 28 Nov 2019 07:33:24 +0000 (23:33 -0800)]
addrwatch: Add missing limits header for PATH_MAX

Fixes compilation on musl.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 8003eea2b9e70cc2850e9489f47403c86586bdcd)
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
3 years agoluajit: for powerpc, add FPU dependency
Rosen Penev [Mon, 1 Mar 2021 22:46:44 +0000 (14:46 -0800)]
luajit: for powerpc, add FPU dependency

powerpc support as of 2.1 does not work with soft float.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit d23ca0010c7c67bd6883a00cf92e90e0bbd08c77)

3 years agoluajit: fix compilation with host clang
Rosen Penev [Sat, 20 Mar 2021 22:23:22 +0000 (15:23 -0700)]
luajit: fix compilation with host clang

It errors out with this section.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 0e620f1fa147a7d510f6c499e5062d5dec063dcb)

3 years ago[LuaJIT] Allow MIPS64 support
Donald Hoskins [Mon, 22 Jun 2020 04:03:34 +0000 (00:03 -0400)]
[LuaJIT] Allow MIPS64 support

Signed-off-by: Donald Hoskins <grommish@gmail.com>
(cherry picked from commit d325fbffbe9a06ff8e7682c974d82e371b0da811)

3 years agoluajit: do not install static libraries to InstallDev
Rosen Penev [Fri, 17 Jan 2020 02:07:52 +0000 (18:07 -0800)]
luajit: do not install static libraries to InstallDev

The dynamic library change removed static libraries.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 51de4b2e35607ab9561b58d581b832fcaa8978b5)

3 years agoluajit: use dynamic buildmode
Rosen Penev [Wed, 15 Jan 2020 04:07:05 +0000 (20:07 -0800)]
luajit: use dynamic buildmode

Reduces package size with about 50%

Fixes: https://github.com/openwrt/packages/issues/10848
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit d9487590c64e3636cc4bfa845964c1c3e90e066c)

3 years agoMerge pull request #16062 from miska/snort3
Rosen Penev [Thu, 15 Jul 2021 02:23:31 +0000 (19:23 -0700)]
Merge pull request #16062 from miska/snort3

snort3: Backport update to the stable version

3 years agoyggdrasil: allow HTTPS connections
James Vorderbruggen [Sun, 13 Jun 2021 16:09:57 +0000 (12:09 -0400)]
yggdrasil: allow HTTPS connections

Signed-off-by: James Vorderbruggen <jamesvorder@gmail.com>
(cherry picked from commit ffff3473966c42133b8faed7d8a120739c5451d4)

3 years agoyggdrasil: bump to 0.3.16
George Iv [Sun, 28 Mar 2021 17:39:44 +0000 (13:39 -0400)]
yggdrasil: bump to 0.3.16

Signed-off-by: George Iv <zhoreeq@users.noreply.github.com>
(cherry picked from commit 76b642b50ff8a606780c43eef2bb030a60dcdb17)

3 years agoyggdrasil: bump to 0.3.15
George Iv [Mon, 28 Sep 2020 10:04:14 +0000 (06:04 -0400)]
yggdrasil: bump to 0.3.15

Signed-off-by: George Iv <zhoreeq@users.noreply.github.com>
(cherry picked from commit 6b2b73018107a8b588756f09c1fde78a305d3692)

3 years agoyggdrasil: Ygg-over-ygg bugfix
William Fleurant [Fri, 24 Jul 2020 03:35:18 +0000 (23:35 -0400)]
yggdrasil: Ygg-over-ygg bugfix

Signed-off-by: William Fleurant <meshnet@protonmail.com>
(cherry picked from commit 1d78e7dc3157b113f3026ffdacff09a63d18755c)

3 years agoyggdrasil: bump to 0.3.14
George Iv [Fri, 3 Apr 2020 14:25:35 +0000 (10:25 -0400)]
yggdrasil: bump to 0.3.14

Signed-off-by: George Iv <zhoreeq@users.noreply.github.com>
(cherry picked from commit 860f1a111351407b3982e268215edf08123516ae)

3 years agoyggdrasil: bump to 0.3.13
William Fleurant [Sun, 23 Feb 2020 03:31:04 +0000 (22:31 -0500)]
yggdrasil: bump to 0.3.13

Signed-off-by: William Fleurant <meshnet@protonmail.com>
(cherry picked from commit 0642927d5dfc4dfe5fa1daa7d61d875677fbfa9c)

3 years agoyggdrasil: bump to 0.3.12
William Fleurant [Mon, 25 Nov 2019 00:18:53 +0000 (19:18 -0500)]
yggdrasil: bump to 0.3.12

Signed-off-by: William Fleurant <meshnet@protonmail.com>
(cherry picked from commit be4fe496ce7135bd4978cb7be7a563639babea69)

3 years agoyggdrasil: Change package configuration to UCI
George Iv [Thu, 14 Nov 2019 09:16:02 +0000 (04:16 -0500)]
yggdrasil: Change package configuration to UCI

Signed-off-by: George Iv <57254463+zhoreeq@users.noreply.github.com>
(cherry picked from commit 6857fd45c8498ea1fa97cfe8370ecaab2db03e5b)

3 years agoyggdrasil: fixes build name and version #10309
William Fleurant [Mon, 11 Nov 2019 05:10:48 +0000 (00:10 -0500)]
yggdrasil: fixes build name and version #10309

Signed-off-by: William Fleurant <meshnet@protonmail.com>
(cherry picked from commit bd415bc7bfd368f4dace5123cb6664344fc3011b)

3 years agoyggdrasil: uci firewall Section name and cover both IP versions
William Fleurant [Sat, 26 Oct 2019 17:41:13 +0000 (13:41 -0400)]
yggdrasil: uci firewall Section name and cover both IP versions
- rename the section instance to yggdrasil (feat. request)
- allow zone to cover both ip4 and ip6 fam

Signed-off-by: William Fleurant <meshnet@protonmail.com>
(cherry picked from commit 2baab77b77c3db5cb8bb61e5697373e5b8e9ac58)

3 years agoyggdrasil: bump to 0.3.11
William Fleurant [Sat, 26 Oct 2019 04:24:30 +0000 (00:24 -0400)]
yggdrasil: bump to 0.3.11

Signed-off-by: William Fleurant <meshnet@protonmail.com>
(cherry picked from commit 06bdd7aebfc5b84382af6f89e52aa96e6559d1d4)

3 years agoMerge pull request #16109 from nxhack/1907_libuv
Rosen Penev [Tue, 13 Jul 2021 06:15:11 +0000 (23:15 -0700)]
Merge pull request #16109 from nxhack/1907_libuv

[19.07] libuv: fix CVE-2021-22918

3 years agosyslog-ng: disable mqtt
Josef Schlehofer [Mon, 12 Jul 2021 14:14:31 +0000 (16:14 +0200)]
syslog-ng: disable mqtt

For now, disable mqtt as it was automatically enabled as the build
system finds compiled libpaho-mqtt-c and requires dependency.

---
Here is the output:
Package syslog-ng is missing dependencies for the following libraries:
libpaho-mqtt3c.so.1
---

This is a new feature since syslog-ng 3.33.1 and if anyone is interested
in it, it can be enabled.

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit e319e89fde0f3c6b3c8ecfffe9bd759c9a44ac15)

3 years agolibuv: fix CVE-2021-22918 16109/head
Hirokazu MORIKAWA [Mon, 12 Jul 2021 06:13:13 +0000 (15:13 +0900)]
libuv: fix CVE-2021-22918

idna: fix OOB read in punycode decoder

libuv was vulnerable to out-of-bounds reads in the uv__idna_toascii()
function which is used to convert strings to ASCII. This is called by
the DNS resolution function and can lead to information disclosures or
crashes.

libuv/libuv@b7466e3
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990561
https://nodejs.org/en/blog/vulnerability/july-2021-security-releases/

Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
3 years agosyslog-ng: update to version 3.33.1
Josef Schlehofer [Sun, 11 Jul 2021 18:16:47 +0000 (20:16 +0200)]
syslog-ng: update to version 3.33.1

- Release notes:
https://github.com/syslog-ng/syslog-ng/releases/tag/syslog-ng-3.33.1

- Bump version in config
It fixes:
WARNING: Configuration file format is too old, syslog-ng is running in compatibility mode. Please update it to use the syslog-ng 3.33 format at your time of convenience. To upgrade the configuration, please review the warnings about incompatible changes printed by syslog-ng, and once completed change the @version header at the top of the configuration file; config-version='3.31'

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 2b4be08a8c4fbe3d6dec90b91726375e9b38db61)

3 years agoMerge pull request #16087 from turris-cz/19.07/lxc-update-gpg-keyserver
Josef Schlehofer [Sun, 11 Jul 2021 18:44:23 +0000 (20:44 +0200)]
Merge pull request #16087 from turris-cz/19.07/lxc-update-gpg-keyserver

lxc: add patch to switch GPG server

3 years agoczmq: disable nss
Josef Schlehofer [Sun, 11 Jul 2021 17:38:48 +0000 (19:38 +0200)]
czmq: disable nss

While bumping czmq to version 4.2.1 from master branch into OpenWrt
19.07, it automatically detects nss when compiled before czmq.

These steps can verify this:

make package/nss/compile V=s
make package/czmq/compile V=s

Then czmq requires many dependencies:
Package czmq is missing dependencies for the following libraries:
libnspr4.so
libnss3.so
libnssutil3.so
libplc4.so
libplds4.so
libsmime3.so
libsoftokn3.so
libssl3.so

And this fails. If you are using SDK and wants to have just a few
packages then czmq gets compiled if any of those packages are not
present in build system.

This was also mentioned in the release notes for czmq 4.2.1:
https://github.com/zeromq/czmq/releases/tag/v4.2.1

> Note for packagers: NSS can now be used and linked against to avoid using
an internal embedded reimplementation of SHA. It is enabled by default if
present.

NSS was disabled before, so let's disable it.

This is required only for OpenWrt 19.07 as this is done differently in OpenWrt 21.02 and OpenWrt
master and czmq is compiled there.

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
3 years agoapache: update to 2.4.48
Rosen Penev [Wed, 16 Jun 2021 01:36:03 +0000 (18:36 -0700)]
apache: update to 2.4.48

Fixes:

CVE-2019-17567
CVE-2020-13938
CVE-2020-13950
CVE-2020-35452
CVE-2021-26690
CVE-2021-26691
CVE-2021-30641
CVE-2021-31618

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(partially cherry picked from commit 6dfd07097de4e737444cf70c62d34453bbf84f7a)
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
[removed patch, which is not in OpenWrt 19.07 branch, used integer in
PKG_RELEASE instead of autorelease]

3 years agoczmq: update to version 4.2.1
Jan Pavlinec [Fri, 22 Jan 2021 12:25:56 +0000 (13:25 +0100)]
czmq: update to version 4.2.1

Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
(cherry picked from commit 39b4c6454561e09d51e8ec062920727c584dca08)

3 years agobind: update to version 9.16.18 16095/head
Josef Schlehofer [Sat, 10 Jul 2021 21:01:58 +0000 (23:01 +0200)]
bind: update to version 9.16.18

Changelog:
https://downloads.isc.org/isc/bind9/9.16.18/doc/arm/html/notes.html#notes-for-bind-9-16-18

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
3 years agolxc: add patch to switch GPG server 16087/head
Josef Schlehofer [Sat, 10 Jul 2021 14:33:08 +0000 (16:33 +0200)]
lxc: add patch to switch GPG server

By default, there was used sks-keyservers.net pool, which has invalid
SSL certificate and they also announced that their service is deprecate
and no longer maintained.

Use the same GPG server as LXC is using by default in the newer
releases.

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
3 years agosnort3: Backport stable version from 21.02 16062/head
Michal Hrusecky [Wed, 7 Jul 2021 10:39:31 +0000 (12:39 +0200)]
snort3: Backport stable version from 21.02

Update snort3 from beta to the stable version available in 21.02 version
of feeds.

Signed-off-by: Michal Hrusecky <michal.hrusecky@turris.com>
3 years agolibdaq3: New package, dependency of snort3
Michal Hrusecky [Wed, 7 Jul 2021 10:36:20 +0000 (12:36 +0200)]
libdaq3: New package, dependency of snort3

Backport from 21.02 in order to satisfy dependencies of snort3 to allow
upgrade to stable version of snort3 from beta available now.

Signed-off-by: Michal Hrusecky <michal.hrusecky@turris.com>
3 years agomsmtp: update to version 1.8.15
Josef Schlehofer [Sun, 30 May 2021 22:37:42 +0000 (00:37 +0200)]
msmtp: update to version 1.8.15

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 110abfb9f6a1718d1817a27cab96c28db4ee6012)

3 years agoMerge pull request #16051 from BKPepe/openwrt-19.07
Josef Schlehofer [Tue, 6 Jul 2021 14:20:02 +0000 (16:20 +0200)]
Merge pull request #16051 from BKPepe/openwrt-19.07

python3: update to version 3.7.11

3 years agoyoutube-dl: update to version 2021.4.7
Josef Schlehofer [Tue, 6 Apr 2021 20:45:06 +0000 (22:45 +0200)]
youtube-dl: update to version 2021.4.7

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 701ded952a2505d3c39184767d2d55d1e299ec0f)

3 years agoyoutube-dl: update to version 2021.2.10
Josef Schlehofer [Thu, 11 Feb 2021 13:55:39 +0000 (14:55 +0100)]
youtube-dl: update to version 2021.2.10

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit a7523a9fabae8842a2fd015d416d6634d5fb7496)

3 years agopython3: update to version 3.7.11 16051/head
Josef Schlehofer [Tue, 6 Jul 2021 07:14:42 +0000 (09:14 +0200)]
python3: update to version 3.7.11

Fixes: CVE-2021-3426
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
3 years agoMerge pull request #16004 from commodo/python-dateutil-setuptools-scm
Rosen Penev [Sat, 3 Jul 2021 22:17:09 +0000 (15:17 -0700)]
Merge pull request #16004 from commodo/python-dateutil-setuptools-scm

[19.07] python-dateutil: pin setuptools-scm version to 5.0.2

3 years agoMerge pull request #16023 from rs/nextdns-1.34.2-openwrt-19.07
Rosen Penev [Sat, 3 Jul 2021 22:15:49 +0000 (15:15 -0700)]
Merge pull request #16023 from rs/nextdns-1.34.2-openwrt-19.07

[19.07] nextdns: Update to version 1.34.2

3 years agonextdns: Update to version 1.34.2 16023/head
Olivier Poitrey [Fri, 2 Jul 2021 18:54:53 +0000 (18:54 +0000)]
nextdns: Update to version 1.34.2

Signed-off-by: Olivier Poitrey <rs@nextdns.io>
3 years agoMerge pull request #15663 from Ansuel/fix-ddns-script
Florian Eckert [Fri, 2 Jul 2021 06:57:15 +0000 (08:57 +0200)]
Merge pull request #15663 from Ansuel/fix-ddns-script

[19-07] ddns-scripts: standardize required params declaration

3 years agoddns-scripts: standardize required params declaration 15663/head
Ansuel Smith [Wed, 19 May 2021 17:50:37 +0000 (19:50 +0200)]
ddns-scripts: standardize required params declaration

The luci app scan the script and search for params in the form of
$required_params.
This script use the form "${required_params}" and cause confusion
with the luci app by hiding needed values. Fix this by using the
standard way to declare required params following other ddns scripts.

Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
3 years agopython-dateutil: pin setuptools-scm version to 5.0.2 16004/head
Alexandru Ardelean [Wed, 30 Jun 2021 14:24:25 +0000 (17:24 +0300)]
python-dateutil: pin setuptools-scm version to 5.0.2

This is known to still work with Python2.

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
3 years agoRevert "python-dateutil: disable setuptools-scm for build"
Alexandru Ardelean [Wed, 30 Jun 2021 14:23:00 +0000 (17:23 +0300)]
Revert "python-dateutil: disable setuptools-scm for build"

This reverts commit 29da5d65b6dc10ee6c2f8bfc7c868245289b2157.

That fix doesn't work fully correct as the egg directory has version 0.0.0.

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
3 years agopython-dateutil: disable setuptools-scm for build
Alexandru Ardelean [Tue, 29 Jun 2021 09:03:16 +0000 (12:03 +0300)]
python-dateutil: disable setuptools-scm for build

Fixes https://github.com/openwrt/packages/issues/15988

It seems that the newer setuptools-scm package (6.0.1) has some
Python3-only syntax.
For the 19.07 release, where Python2 is still around this causes the
python-dateutil package to fail to build.

See https://github.com/pypa/setuptools_scm/issues/541

However, removing 'setuptools-scm' from the build also works.
This change does that.

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
3 years agoMerge pull request #15974 from rs/nextdns-1.33.11-openwrt-19.07
Rosen Penev [Sat, 26 Jun 2021 19:44:24 +0000 (12:44 -0700)]
Merge pull request #15974 from rs/nextdns-1.33.11-openwrt-19.07

[19.07] nextdns: Update to version 1.33.11

3 years agonextdns: Update to version 1.33.11 15974/head
Olivier Poitrey [Sat, 26 Jun 2021 18:00:29 +0000 (18:00 +0000)]
nextdns: Update to version 1.33.11

Signed-off-by: Olivier Poitrey <rs@nextdns.io>
3 years agonano: update to 5.8
Hannu Nyman [Thu, 17 Jun 2021 16:03:11 +0000 (19:03 +0300)]
nano: update to 5.8

Update nano editor version to 5.8.

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit 6f2ac237a18d0c8258ca838ff4df2245960b7aef)

3 years agonet/mosquitto: Update to 1.6.15
Karl Palsson [Fri, 11 Jun 2021 13:00:35 +0000 (13:00 +0000)]
net/mosquitto: Update to 1.6.15

This is a security release

Full release notes: https://mosquitto.org/blog/2021/06/version-2-0-11-released/

Fixes a remotely triggered memory leak

Signed-off-by: Karl Palsson <karlp@etactica.com>
3 years agoMerge pull request #15806 from blocktrron/pr-xr-usb-serial-1907
David Bauer [Tue, 8 Jun 2021 15:25:37 +0000 (17:25 +0200)]
Merge pull request #15806 from blocktrron/pr-xr-usb-serial-1907

xr_usb_serial_common: fix build

3 years agoxr_usb_serial_common: add PKG_MIRROR_HASH 15806/head
David Bauer [Tue, 8 Jun 2021 15:17:56 +0000 (17:17 +0200)]
xr_usb_serial_common: add PKG_MIRROR_HASH

The CI complained about a missing PKG_MIRROR_HASH.

Signed-off-by: David Bauer <mail@david-bauer.net>
3 years agoxr_usb_serial_common: fix build
David Bauer [Sat, 22 May 2021 08:39:53 +0000 (10:39 +0200)]
xr_usb_serial_common: fix build

Building the xr_usb_serial module fails for recent 4.14 kernel with
CONFIG_PM enabled:

xr_usb_serial_common.c:1574:15: error: 'ASYNCB_INITIALIZED' undeclared
(first use in this function); did you mean 'RCU_INITIALIZER'?

Use tty_port_initialized in order to determine the status of the TTY
port.

Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 69cf7836df9e226b4d596d057ca6ad846201e0d0)

3 years agoMerge pull request #15770 from DeathCamel58/libnet-1.2.x-libnet-config-fix
Rosen Penev [Sun, 6 Jun 2021 19:50:20 +0000 (12:50 -0700)]
Merge pull request #15770 from DeathCamel58/libnet-1.2.x-libnet-config-fix

[19.07] libnet-1.2.x: Export `libnet-config` in development environments

3 years agoMerge pull request #15780 from stangri/19.07-https-dns-proxy
Rosen Penev [Sat, 5 Jun 2021 21:29:07 +0000 (14:29 -0700)]
Merge pull request #15780 from stangri/19.07-https-dns-proxy

[19.07] https-dns-proxy: update to 2021-06-03-1

3 years agohttps-dns-proxy: update to 2021-06-03-1 15780/head
Stan Grishin [Fri, 4 Jun 2021 23:34:20 +0000 (23:34 +0000)]
https-dns-proxy: update to 2021-06-03-1

Signed-off-by: Stan Grishin <stangri@melmac.net>
3 years agolibnet: Export `libnet-config` in development enviornments 15770/head
Dylan Corrales [Thu, 3 Jun 2021 18:36:49 +0000 (14:36 -0400)]
libnet: Export `libnet-config` in development enviornments

Affects `libnet-1.2.x`

Signed-off-by: Dylan Corrales <deathcamel58@gmail.com>
3 years agobanip: remove logd dependency
Dirk Brenken [Thu, 3 Jun 2021 05:02:42 +0000 (07:02 +0200)]
banip: remove logd dependency

* removed logd dependency, see openwrt#13820 for reference

Signed-off-by: Dirk Brenken <dev@brenken.org>
3 years agoMerge pull request #15728 from stangri/19.07-https-dns-proxy
Rosen Penev [Wed, 2 Jun 2021 05:09:08 +0000 (22:09 -0700)]
Merge pull request #15728 from stangri/19.07-https-dns-proxy

[19.07] https-dns-proxy: 2021-05-14 bugfix: fallback to HTTP/1 by default

3 years agohttps-dns-proxy: 2021-05-14 bugfix: fallback to HTTP/1 by default 15728/head
Stan Grishin [Tue, 1 Jun 2021 04:32:42 +0000 (04:32 +0000)]
https-dns-proxy: 2021-05-14 bugfix: fallback to HTTP/1 by default

Signed-off-by: Stan Grishin <stangri@melmac.net>
3 years agonetdata: update to version 1.30.1
Josef Schlehofer [Wed, 14 Apr 2021 22:39:03 +0000 (00:39 +0200)]
netdata: update to version 1.30.1

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 1d532fa545eef1ebd3ebef6ab41dfd709ad991e1)

3 years agoMerge pull request #15717 from stangri/19.07-https-dns-proxy
Rosen Penev [Sat, 29 May 2021 22:00:04 +0000 (15:00 -0700)]
Merge pull request #15717 from stangri/19.07-https-dns-proxy

[19.07] https-dns-proxy: update to 2021-05-14-1; bugfixes for dhcp server backup

3 years agohttps-dns-proxy: update to 2021-05-14-1; bugfixes for dhcp server backup 15717/head
Stan Grishin [Sat, 29 May 2021 20:12:27 +0000 (20:12 +0000)]
https-dns-proxy: update to 2021-05-14-1; bugfixes for dhcp server backup

Signed-off-by: Stan Grishin <stangri@melmac.net>
3 years agosyslog-ng: update to 3.32.1
W. Michael Petullo [Mon, 10 May 2021 17:59:28 +0000 (12:59 -0500)]
syslog-ng: update to 3.32.1

Signed-off-by: W. Michael Petullo <mike@flyn.org>
(cherry picked from commit f93ef647932aa05a7a4eab69ffd9f49441076f81)

3 years agonano: update version to 5.7
Hannu Nyman [Sat, 1 May 2021 20:50:21 +0000 (23:50 +0300)]
nano: update version to 5.7

Upgrade nano editor to version 5.7.

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit 765e9868579e1da270b3c831ecf34949013cdf01)

3 years agonextdns: Update to version 1.32.1
Olivier Poitrey [Fri, 30 Apr 2021 15:51:03 +0000 (15:51 +0000)]
nextdns: Update to version 1.32.1

Signed-off-by: Olivier Poitrey <rs@nextdns.io>
3 years agobind: bump to 9.16.15
Noah Meyerhans [Thu, 29 Apr 2021 18:08:58 +0000 (11:08 -0700)]
bind: bump to 9.16.15

Fixes the following security issues:

* CVE-2021-25216 - A specially crafted GSS-TSIG query could cause a buffer
                   overflow in the ISC implementation of SPNEGO.
* CVE-2021-25215 - named crashed when a DNAME record placed in the ANSWER
                   section during DNAME chasing turned out to be the final
                   answer to a client query.
* CVE-2021-25214 - Insufficient IXFR checks could result in named serving a
                   zone without an SOA record at the apex, leading to a
                   RUNTIME_CHECK assertion failure when the zone was
                   subsequently refreshed. This has been fixed by adding an
                   owner name check for all SOA records which are included
                   in a zone transfer.

Signed-off-by: Noah Meyerhans <frodo@morgul.net>
3 years agozerotier: update to 1.6.5
Moritz Warning [Tue, 27 Apr 2021 15:13:27 +0000 (17:13 +0200)]
zerotier: update to 1.6.5

Minor ZeroTier update. Refreshed patches.

Signed-off-by: Moritz Warning <moritzwarning@web.de>
3 years agoMerge pull request #15509 from hswong3i/openwrt-19.07-SQUID_enable-ssl-crtd
Josef Schlehofer [Wed, 28 Apr 2021 08:06:26 +0000 (10:06 +0200)]
Merge pull request #15509 from hswong3i/openwrt-19.07-SQUID_enable-ssl-crtd

[openwrt-19.07][cherry-pick] squid: Enable dynamic SSL certificate generation

3 years agosquid: Enable dynamic SSL certificate generation 15509/head
Wong Hoi Sing Edison [Sun, 25 Apr 2021 02:38:14 +0000 (10:38 +0800)]
squid: Enable dynamic SSL certificate generation

Maintainer: @neheb / @BKPepe / @zhanhb
Compile tested: ipq806x, generic, netgear_r7800, master
Run tested: ipq806x, generic, netgear_r7800, openwrt-19.07

Description:

Squid now only support HTTPS proxy in TCP tunnel mode (e.g. `ssl_bump splice all`):

    https_port 3128 ssl-bump tls-cert=/etc/squid/squid.pem generate-host-certificates=on
    ssl_bump splice all

In order to operate in SSL Bump mode, we need to compile with `--enable-ssl-crtd` for following configuration:

    https_port 3128 ssl-bump tls-cert=/etc/squid/squid.pem generate-host-certificates=on
    sslcrtd_program /usr/lib/squid/security_file_certgen -s /car/cache/squid/ssl_db -M 4MB
    ssl_bump stare all
    ssl_bump bump all

This PR switch the `SQUID_enable-ssl-crtd` into `default y`, therefore default enable SSL Bump mode.

Signed-off-by: Wong Hoi Sing Edison <hswong3i@pantarei-design.com>
(cherry picked from commit dbda77686d5dccb3d3999ed2e7dec18aab11fff8)

3 years agomosquitto: fix log_type config support
Karl Palsson [Mon, 26 Apr 2021 09:29:57 +0000 (09:29 +0000)]
mosquitto: fix log_type config support

As pointed out in https://github.com/openwrt/packages/issues/15506

The remainder of that patch isn't appropriate for 1907 however.

Signed-off-by: Karl Palsson <karlp@etactica.com>